December 1, 2000

OpenBSD 2.8 released

Author: JT Smith

It is our pleasure to officially announce the release of OpenBSD 2.8.
Just over 6 weeks ago, on October 18, OpenBSD turned 5 years old. In
celebration of this milestone, we invite you to enjoy our 8th release
on CDROM (and 9th via FTP). We continue to celebrate OpenBSD's record
of three years without a remote hole in the default install.
Just like
all of our previous releases, 2.8 provides significant improvements,
including new features, in nearly all areas of the system:

Hardware support is improved
OpenBSD 2.8 will run on Apple iMac, G3, G4, and G4 Cube machines.

Improved hardware crypto support, now including Hifn PowerCrypt and
Broadcom Bluesteelnet (uBsec) hardware accelerator boards.

Many new Ethernet devices supported, including National
DP83815-based adapters, 3Com MiniPCI adapters, 3Com 574-based
and many new CardBus devices (Xircom, Intel 21143, Intel CardBus

Support for most of the Gigabit Ethernet cards on the market, i.e.,
SysKonnect, Intel, and Alteon-based.

Support for most types of USB devices, including Ethernet,
audio, etc. Sync your Handspring Visor, or transfer MP3s to your

Support for 3ware Escalade 3W-5x000 and 3W-6x000 series RAID

New audio support, including the Cirrus Logic CS4280, ForteMedia
and integrated audio chips found on newer VIA and Intel

Improvements and new support in the PCI IDE subsystem.

Security has been further strengthened

In response to the threat posed by so-called "format string" bugs,
performed a complete source tree audit in June to identify and
such problems. This involved countless hours of code reading and
bug fixes. We are confident that these issues have been solved and
that once again our proactive security auditing process has proved
invaluable component of the OpenBSD philosophy.

Several other security issues dealt with across the system, many of
were identified by members of the OpenBSD team themselves. Please
see for more details on what was

Even more integrated cryptography

OpenSSH has been improved, debugged, and is now at version 2.3.0.
for both SSH1 and SSH2 protocols ensures maximum interoperability
other implementations. This version also includes an SFTP server
secure file transfers with several Windows-based clients. Since
is free, it has continued to gain acceptance on other operating
as well. For more information, see, or
simply install OpenBSD 2.8 and try it out. Our sincerest thanks to Markus
one of our developers and the driving force behind OpenSSH.

The celebration continues. What better birthday present for
the expiration of the RSA patent? SSL libraries now come as part of
base operating system install, permitting SSL and RSA applications
work normally without fancy installation tricks. These
include httpd, isakmpd, and ssh.

Our already very mature IPSEC code has been enhanced to comply with
the latest standard changes, i.e., AES. Using IPSEC and bridging,
Ethernets can be securely tunneled over the Internet. The IKE
has become more robust and can be used in a configuration-less mode
conjunction with certificates. IPSEC performance has improved for
software cryptography, but with hardware crypto accelerators
(including HiFn and Broadcom based encryption processors), incredibly
fast IPSEC processing is possible.

Improving on the encryption of swap space introduced in the
release, OpenBSD now uses Rijndael, the recently chosen AES

Many other bugs fixed

The "ports" tree is greatly improved

The 2.8 CD ships with many more pre-built packages for the common
architectures. The FTP site contains hundreds more packages (for
important architectures) which we could not fit onto the CDs. A
list of
those packages is appended below.

Many subsystems improved and updated since the last release:
XFree86 3.3.6-current
gcc 2.95.3
perl 5.6.0 plus a few fixes.
Apache 1.3.12 (+ patches), Mod_ssl 2.6.2, OpenSSL 0.9.5a, DSO
ipf 3.3.18
groff 1.15
sendmail 8.10.1
lynx 2.8.2 with HTTPS support added
sudo 1.6.3p5
ncurses 5.2
Latest KAME IPv6
KTH Kerberos 1.0.2
OpenSSH 2.3.0

If you'd like to see a list of what has changed between OpenBSD 2.7 and
2.8, look at

Even though the list is a summary of the most important changes made to
OpenBSD, it still is a very very long list -- more than 700 major

This is our ninth OpenBSD release, and the eighth release which is
available on CDROM. Our releases have been spaced six months apart,
and we plan to continue this timing.

Security and errata

We provide patches for known security threats and other important
discovered after each CD release. As usual, between the creation of the
OpenBSD 2.8 FTP/CDROM binaries and the actual 2.8 release date, our
found and fixed some new reliability problems (note: most are minor,
in subsystems that are not enabled by default). Our continued research
into security means we will find new security problems -- and we always
provide patches as soon as possible. Therefore, we advise regular
visits to

CDROM sales

OpenBSD 2.8 is also available on CDROM. A 2-CD set which costs $30USD
is available via mail order and from a number of contacts around the
world. The set includes a colorful booklet which carefully explains
the installation of OpenBSD. A new set of cute little stickers is
included (sorry, but our FTP mirror sites do not support STP, the
Sticker Transfer Protocol). Profits from these sales are the primary
income source for the OpenBSD project -- in essence selling these
CDROM units ensures that OpenBSD will continue to make another release
six months from now.

For more information on ordering CDROMs, see
The above web page lists a number of places where OpenBSD CDROMs can
be purchased. For our default mail order, go directly to
or, for European orders,

All of our developers strongly urge you to buy a CDROM and support our
future efforts. As well, donations to the project are highly
appreciated, as described in more detail at

T-shirt sales

The project continues to expand its funding base by selling T-shirts
polo shirts. And our users like them, too. We have a variety of shirts
available, with the new and old designs, from our web ordering system
With this release, we introduce 2 new shirts.

FTP installs

If you choose not to buy an OpenBSD CDROM, OpenBSD can be easily
installed via FTP. Typically you need a single small piece of boot
media (e.g., a boot floppy) and then the rest of the files can be
installed from a number of locations, including directly off the
Internet. Follow this simple set of instructions to ensure that you
find all of the documentation you will need while performing an install
via FTP. With the CDROMs, the necessary documentation is easier to

Read either of the following two files for a list of ftp
mirrors which provide OpenBSD, then choose one near you:;

XFree86 for most architectures

XFree86 has been integrated more closely into the system. This
release contains XFree86 3.3.6. Most of our architectures ship with
XFree86, even the sparc and powerpc. During installation, you can
XFree86 quite easily. Be sure to try out xdm(1) and see how we have
customized it for OpenBSD.

Ports tree

The OpenBSD ports tree contains automated instructions for building
third party software. The software has been verified to build and run
on the various OpenBSD architectures. The 2.8 ports collection,
including many of the distribution files, is included on the 2-CD set.
Please see PORTS file for more information.
Note: some of the most popular ports, e.g., the Apache web server and
several X applications, are now a standard part of OpenBSD. Also,
other popular ports have been pre-compiled for those who do not desire
to build their own binaries.

Binary packages we provide

A number of binary packages are provided. Please see PACKAGES file
( for more details.

System source code

The CDROMs contain source code for all the subsystems explained above,
and the README ( file explains how to deal with these source files. For those who are doing
an FTP install, the source code for all four subsystems can be
found in the pub/OpenBSD/2.8/ directory:
X11.tar.gz; ports.tar.gz; src.tar.gz; srcsys.tar.gz.


OpenBSD 2.8 introduces artwork and CD artistic layout by Ty Semaka
(who as it happens, performs in a band called the Plaid Tongued
Devils, Ports tree and package building
by Brad Smith, Marc Espie, and Chris Turan. System builds by Theo de
Raadt, Niklas Hallqvist, Todd Fries, Steve Murphree, Miod Vallat,
Mats O Jansson, Marc Espie, and Bob Beck. ISO-9660 filesystem layout
by Theo de Raadt. Release announcement written by Aaron Campbell.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation checks, and hardware that we use. We would also like
to thank those who bought our previous CDROMs. Those who did not
support us financially have still helped us with our goal of improving
the quality of the software.

Our developers are:
Aaron Campbell, Angelos D. Keromytis, Anil Madhavapeddy, Artur
Assar Westerlund, Bob Beck, Brad Smith, Brandon Creighton, Brian
Bruno Rohee, Camiel Dobbelaar, Chris Cappuccio, Christian Weisgerber,
Chris Turan, Constantine Sapuntzakis, Craig Metz, Dale Rahn, Damien
Dan Harnett, David Terrell, David Leonard, David Sacerdote, Dug Song,
Eric Jackson, Federico G. Schwindt, Hakan Olsson, Hans Insulander,
Horacio Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe
Janne Johansson, Jason Downs, Jason Ish, Jason Wright,
Jun-ichiro itojun Hagino, Kenneth R Westerback, Kevin Lo, Kjell
M. Warner Losh, Marc Espie, Marco S Hyman, Mark Grimes,
Markus Friedl, Mats O Jansson, Matt Behrens, Matthew Jacob,
Matthieu Herrb, Michael Shalayeff, Miod Vallat, Nathan Binkert,
Niels Provos, Niklas Hallqvist, Oleg Safiullin, Paul Janzen,
Peter Galbavy, Phillip Lenhardt, Reinhard J Sammer, Sontri Tomo
Steve Murphree, Theo de Raadt, Thorsten Lockert, Tobias Weingartner,
Todd C. Miller, Todd T. Fries, Wim Vandeputte, and Yannick Cote.
For press contact, please contact

List of FTP sites

The following list should be helpful for those who want to install
OpenBSD via FTP.; Pennsylvania,
USA; Sunnyvale, CA,
USA; Athens, Greece; Melbourne,
Australia; Oleane, France; Edmonton,
Canada; Amsterdam,
Netherlands; Chernogolovka,
Russia; Berlin, Germany; Thrace, Greece; Dublin, Ireland; Zurich,
Switzerland; Paris, France; Frankfurt,
Germany; Paris, France; Oslo, Norway; Perth,
Australia; Tokyo, Japan; Tokyo, Japan; Thailand; London, UK; Ibaraki, Japan; Amsterdam,
Netherlands; Auckland, New
Zealand; Ambler, PA, USA; Buenos Aires,
Argentina; Edmonton,
Canada; London, UK; Moscow, Russia; Madrid, Spain; Seoul, Korea; Chicago, IL, USA; Stockholm,
Sweden; Uppsala, Sweden; Gdansk, Poland; Springfield, VA,
USA; Italy; Sydney,
Australia; Boulder, CO, USA; Ann Arbor, MI,
USA; West Lafayette,
IN, USA; Batesville, AR,
USA; Vienna, Austria; Brisbane,
Australia; Taiwan; Timisoara,
Romania; Algonquin, IL,
USA; Zurich,
Switzerland; London, UK; Oslo, Norway; Urbana, IL, USA; Novosibirsk,

Click Here!